We present the first efficient compact e-cash scheme that does not rely on a random oracle in its security proof. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter).
Category / Keywords: cryptographic protocols / electronic commerce and payment Date: received 5 Mar 2009, last revised 11 Mar 2009 Contact author: markulf kohlweiss at esat kuleuven be Available format(s): PDF | BibTeX Citation Version: 20090311:135144 (All versions of this report) Short URL: ia.cr/2009/107 Discussion forum: Show discussion | Start new discussion